Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

WEBINAR:On-Demand

Security researchers from the University of Pennsylvania have highlighted a potential attack vector for accessing your mobile devices-the smudges from your fingertips.

In a paper (PDF) presented this week at the USENIX Security Symposium in Washington, D.C., the researchers revealed that oily residues on the surface of touch screens used on devices such as smartphones can be used to infer passwords.

"We believe smudge attacks are a threat for three reasons," the researchers wrote. "First, smudges are surprisingly persistent in time. Second, it is surprisingly difficult to incidentally obscure or delete smudges through wiping or pocketing the device. Third and finally, collecting and analyzing oily residue smudges can be done with readily available equipment such as a camera and a computer."

According to a study by comScore released last November, touch-screen mobile phone adoption in the United States grew by 159 percent between August 2008 and 2009, from 9.2 million to 23.8 million subscribers. This outpaced overall smartphone adoption, which grew at an otherwise respectable rate of 63 percent, from 20.7 million to 33.8 million subscribers.

Further reading

The researchers experimented with two types of Google Android-based smartphones, the HTC G1 and the HTC Nexus1, under various lighting and camera conditions.

In one experiment, the researchers found they were able to recover the entire password pattern 68 percent of the time after the phone had been in contact with a person's face, as would happen during a normal phone call. When the experiment was conducted with the pattern entered with only "light touches," partial information was discernible 30 percent of the time.

Though the researchers said the techniques could be applied to other smartphones and devices such as ATMs, they focused on Android phones with 389,112 possible password patterns. While the team called this a reasonably large space of patterns, in the event of smudge attacks the attackers can select a "highly likely set of patterns, increasing her chances of guessing the correct one before the phone locks-out."

By submitting your information, you agree that eweek.com may send you eWEEK offers via email, phone and text message, as well as email offers about other products and services that eWEEK believes may be of interest to you. eWEEK will process your information in accordance with the Quinstreet Privacy Policy.

We ran into a problem

We already have your email address on file. Please use the "Forgot your password?" link to create a password, validate your email and login.